"Existential computing", where a device vanishes at the end of every web session, could be the answer to data hungry government officials armed with warrants and guns, according to Google's chief technology advocate, Michael Jones.
When that is the situation, forget whitelists, blacklists, or any more complicated security measures such as USB restrictions. Implementing security for the masses is often just too difficult for the masses.
Google's "latest bagging and beseeching of people" occurred this June when Gmail accounts were hacked, Jones told the Australian Information Security Association conference in Sydney last week.
"People have stupid passwords," he said.
Google had already rolled out two factor security for all Gmail users, which he said would have dealt with "99.999" of the problem. But even that effort to make security simple for people failed.
"We beg people to do it but they won't do it," said Jones.
The problem of implementing security was compounded by aggressive government tactics aimed at ISPs in some countries. Dealing with security at the point of contact was simply too late.
"Think about that before the guy shows up with the search warrant and gun, right. You can't think about it then. You fail if you think about it then. You have to think about it ahead of time."
Describing China's desire for the Delai Lama's emails as "unbelievable", Jones said, "They want data out of your computer, they want data out of my [Google's] computer because it's your data."
Jones pointed to the anonymity-enhancing tools, the Tor network and the more "extreme" Cocoon as current technologies that have the potential to address these threats and the complexities of implementing security.
"What if your web browser came packaged like this so you never browsed on your computer? That's kind of weird, I think, but still you could do that."
Cocoon was a "strange thing" said Jones. Users rely on Cocoon's computers for browsing after which it sends images of the session to the user over a secure tunnel.
People who used that "specifically don't trust Google, Yahoo, or Baidu", he said.
“I think it's really strange actually. But it's interesting that people develop relatively robust security measures that are easy to use. You just do this all in your browser and for the rest of your life your computer is impossible to be affected by anything you did.”
“No white list, no blacklist. No forbidding the use of a USB memory key. No infinity of things.”
All a user would need was “wimpy hardware with Google Chrome on it” for browsing or “regular computers” that browse remotely over somebody else's computer that was just a virtual image that getsre-imaged with every session.
“It's fantastic, it's not just virtual computing and virtualised hardware. It's like hypothetical computing, it's like so virtualised that it only stands up when you talk to it and then it goes away instantly, everything about it. It's like existential computing.”